Try adding an extra bracket like this
var sql = "select * from Users_tbl WHERE ((([Email] = @EmailParam) OR ([UserID] = @UserIDParam)]) AND ([Password] = @PasswordParam))";
Вопрос
I want to build login system in C# and using sql Data reader, like Facebook, user can login to its account by using Email or UserID and Password. I wrote this code but does not working what is my problem or can you recommending.
sql = "select * from Users_tbl WHERE (([Email] = @EmailParam) OR ([UserID] = @UserIDParam) AND ([Password] = @PasswordParam))";
SqlCommand cmd = new SqlCommand(sql, con);
SqlParameter uemail = new SqlParameter("@EmailParam", SqlDbType.NVarChar, 80);
uemail.Value = txtEmailUserID.Text.Trim().ToString();
cmd.Parameters.Add(uemail);
SqlParameter userid = new SqlParameter("@UserIDParam", SqlDbType.NVarChar, 50);
userid.Value = txtEmailUserID.Text.Trim().ToString();
cmd.Parameters.Add(userid);
SqlParameter upass = new SqlParameter("@PasswordParam", SqlDbType.NVarChar, 80);
upass.Value = txtPassword.Text.Trim().ToString();
cmd.Parameters.Add(upass);
SqlDataReader dr = cmd.ExecuteReader();
while(dr.read())
{
// session variables
}
Решение 2
Try adding an extra bracket like this
var sql = "select * from Users_tbl WHERE ((([Email] = @EmailParam) OR ([UserID] = @UserIDParam)]) AND ([Password] = @PasswordParam))";
Другие советы
This seems too simple. Try to experiment. Select the database. List the tables. Create the same type of query with the same input parameters using SQL management studio or LINQ-to-EF. At some point the problem will surface. Good luck.
I also looked at the operator precedence which does not appear to be the problem: http://technet.microsoft.com/en-us/library/ms190276.aspx